Proposal to elect new release rc--2024-11-14_03-07

Hello there!

We are happy to announce that voting is now open for a new IC release.
The NNS proposal is here: IC NNS Proposal 134185.

Here is a summary of the changes since the last release:

Release Notes for release-2024-11-14_03-07-base (cb3cb61009d904bcb726781ad379de10e1b745ff)

This release is based on changes since release-2024-11-07_03-07-base (f88938214b16584075196e13d0af7c50f671131a).

Please note that some commits may be excluded from this release if they’re not relevant, or not modifying the GuestOS image. Additionally, descriptions of some changes might have been slightly modified to fit the release notes format.

To see a full list of commits added since last release, compare the revisions on GitHub.

Features:

  • 675edd43b Consensus,Interface: Reduce acceptable finalization-certification gap to one (#2565)
  • c8cfedb4e Execution,Interface: Measure block maker to induction / execution latency (#2498)
  • 9c2d3939f Execution,Interface: EXC: Enable Wasm64 (#2562)
  • 72cf10cba Execution,Interface: Measure per-canister mean ingress queue latency (#2511)
  • 5d68669c9 Execution,Interface: Make subnet replica version available to canisters via management API (#2202)
  • 44ab9f36f Execution,Interface(fuzzing): Add a new fuzzer to fuzz system API calls via StateMachine tests (#1649)
  • 123cf77ac Execution,Interface: Enable Canister Backtraces (#2403)
  • f96077d44 Interface: rework ic-boundary CLI, bump ic-gateway (#2451)
  • ed45bab1d Interface,Message Routing: Lazy pagemaps (#1137)
  • 4e83be165 Interface,Node: refine config tool and add config versioning (#2299)
  • b477d5932 Node: Move bootloader off dockerhub (#2593)
  • 32d152815 Node: Remove retries from docker build (#2500)
  • 01d3b177a Node: install dante-server in base image (#2231)
  • c582bfe2c Node: Move bootloader off dockerhub (#2475)

Bugfixes:

  • bda7e8c90 Interface,Networking: drop the recv_stream before any calls to the send_stream on the receive side, also format correctly log statements so we can see the causes of the errors (#2591)
  • e500f911f Interface,Networking: reset send streams the futures get aborted and improve error reporting on the receive side of the quic transport (#2566)
  • c578a156b Interface,Networking: don’t add the peer id in the extensions for the rpc method (#2504)
  • e5faeaaf7 Interface,Node(icos): Several testing and performance improvements to SetupOS (#2077)
  • 9c1e7fe78 Node: Depend on .git/index in commit_timestamp_txt (#2516)
  • 47a2a110a Node: fix permissions for nftables and systemd-journald (#2488)
  • fc375b15a Node: revert “feat: Move bootloader off dockerhub (#2475)” (#2506)

Chores:

  • 896cafb19 Consensus,Interface(idkg): Replace pseudo-random and pre-signature IDs in RequestId with single CallbackId (#2054)
  • 6034537f7 Execution,Interface: Guard node_metrics_history against ingress (#2549)
  • 3f7fcb995 Execution,Interface: EXC: Minor change to instruction benchmarks (#1546)
  • 7452471b7 Execution,Interface(fuzzing): enable canister sandboxing for fuzzers (#2513)
  • 8b01b687e Interface: upgrade core crates (#2507)
  • b1c0f8ccc Interface: upgrade rust_decimal and rust_decimal_macros (#2508)
  • 073f73166 Interface,Message Routing: Remove old TODOs in the payload builder (#2538)
  • 2d68a2e31 Interface,Networking: improve error tracking in transport (#2552)
  • 3f1716678 Interface,Networking: another readability pass over quic transport (#2540)
  • 4bd76d3bc Interface,Networking: add more documentation to the quic transport code and make some errors infallible (#2515)
  • 8b2932783 Node: Add logging to insert_hsm_if_necessary (#2577)
  • 7990ce66d Node: Update Base Image Refs [2024-11-07-0808] (#2477)

Refactoring:

  • d7cac1965 Execution,Interface: Do not clone in ReplicatedState::get_ingress_status() (#2505)
  • 3c3d9cd36 Interface(crypto): move MasterPublicKeyId protobuf from registry/crypto to types (#2406)
  • da0106cac Node: create generate-ic-config.service (#2343)

Tests:

  • ae957017c Consensus,Interface: Prepare cup_compatibility_test for removal of pb::TaggedNiDkgTranscript (#2537)
  • 3e0cf89b2 Execution,Interface(IDX): depend on the universal canister at run-time instead of at build-time (#2502)
  • 3ad26ca77 Interface(IDX): inline more NNS system-tests (#2574)

Full list of changes (including the ones that are not relevant to GuestOS) can be found on GitHub.

IC-OS Verification

To build and verify the IC-OS disk image, run:

# From https://github.com/dfinity/ic#verifying-releases
sudo apt-get install -y curl && curl --proto '=https' --tlsv1.2 -sSLO https://raw.githubusercontent.com/dfinity/ic/cb3cb61009d904bcb726781ad379de10e1b745ff/ci/tools/repro-check.sh && chmod +x repro-check.sh && ./repro-check.sh -c cb3cb61009d904bcb726781ad379de10e1b745ff --guestos

The two SHA256 sums printed above from a) the downloaded CDN image and b) the locally built image, must be identical, and must match the SHA256 from the payload of the NNS proposal.

While not required for this NNS proposal, as we are only electing a new GuestOS version here, you have the option to verify the build reproducibility of the HostOS by passing --hostos to the script above instead of --guestos, or the SetupOS by passing --setupos.

2 Likes

Hello there!

We are happy to announce that voting is now open for a new IC release.
The NNS proposal is here: IC NNS Proposal 134186.

Here is a summary of the changes since the last release:

Release Notes for release-2024-11-14_03-07-hashes-in-blocks (e1e8a810e3d8646097459726ce3ab0bd8c0dff96)

This release is based on changes since release-2024-11-14_03-07-base (cb3cb61009d904bcb726781ad379de10e1b745ff).

Please note that some commits may be excluded from this release if they’re not relevant, or not modifying the GuestOS image. Additionally, descriptions of some changes might have been slightly modified to fit the release notes format.

To see a full list of commits added since last release, compare the revisions on GitHub.

Features:

  • e1e8a810e Interface,Networking(Consensus): Enable the hashes-in-blocks feature

IC-OS Verification

To build and verify the IC-OS disk image, run:

# From https://github.com/dfinity/ic#verifying-releases
sudo apt-get install -y curl && curl --proto '=https' --tlsv1.2 -sSLO https://raw.githubusercontent.com/dfinity/ic/e1e8a810e3d8646097459726ce3ab0bd8c0dff96/ci/tools/repro-check.sh && chmod +x repro-check.sh && ./repro-check.sh -c e1e8a810e3d8646097459726ce3ab0bd8c0dff96 --guestos

The two SHA256 sums printed above from a) the downloaded CDN image and b) the locally built image, must be identical, and must match the SHA256 from the payload of the NNS proposal.

While not required for this NNS proposal, as we are only electing a new GuestOS version here, you have the option to verify the build reproducibility of the HostOS by passing --hostos to the script above instead of --guestos, or the SetupOS by passing --setupos.

1 Like

Hello there!

We are happy to announce that voting is now open for a new IC release.
The NNS proposal is here: IC NNS Proposal 134187.

Here is a summary of the changes since the last release:

Release Notes for release-2024-11-14_03-07-6.11-kernel (34e659ec3272fa2d884f48cb8229140e512f7f5e)

This release is based on changes since release-2024-11-14_03-07-base (cb3cb61009d904bcb726781ad379de10e1b745ff).

Please note that some commits may be excluded from this release if they’re not relevant, or not modifying the GuestOS image. Additionally, descriptions of some changes might have been slightly modified to fit the release notes format.

To see a full list of commits added since last release, compare the revisions on GitHub.

Other changes:

  • 34e659ec3 Node: Squashed commit of the following:

IC-OS Verification

To build and verify the IC-OS disk image, run:

# From https://github.com/dfinity/ic#verifying-releases
sudo apt-get install -y curl && curl --proto '=https' --tlsv1.2 -sSLO https://raw.githubusercontent.com/dfinity/ic/34e659ec3272fa2d884f48cb8229140e512f7f5e/ci/tools/repro-check.sh && chmod +x repro-check.sh && ./repro-check.sh -c 34e659ec3272fa2d884f48cb8229140e512f7f5e --guestos

The two SHA256 sums printed above from a) the downloaded CDN image and b) the locally built image, must be identical, and must match the SHA256 from the payload of the NNS proposal.

While not required for this NNS proposal, as we are only electing a new GuestOS version here, you have the option to verify the build reproducibility of the HostOS by passing --hostos to the script above instead of --guestos, or the SetupOS by passing --setupos.

1 Like

Hello there!

We are happy to announce that voting is now open for a new IC release.
The NNS proposal is here: IC NNS Proposal 134188.

Here is a summary of the changes since the last release:

Release Notes for release-2024-11-14_03-07-ubuntu20.04 (9aaf5ee5e3f68e239e05c1addc4825bdc8466f67)

This release is based on changes since release-2024-11-14_03-07-base (cb3cb61009d904bcb726781ad379de10e1b745ff).

Please note that some commits may be excluded from this release if they’re not relevant, or not modifying the GuestOS image. Additionally, descriptions of some changes might have been slightly modified to fit the release notes format.

To see a full list of commits added since last release, compare the revisions on GitHub.

Other changes:

  • 9aaf5ee5e Node: Revert “feat: Upgrade GuestOS to 24.04 (#938)”

IC-OS Verification

To build and verify the IC-OS disk image, run:

# From https://github.com/dfinity/ic#verifying-releases
sudo apt-get install -y curl && curl --proto '=https' --tlsv1.2 -sSLO https://raw.githubusercontent.com/dfinity/ic/9aaf5ee5e3f68e239e05c1addc4825bdc8466f67/ci/tools/repro-check.sh && chmod +x repro-check.sh && ./repro-check.sh -c 9aaf5ee5e3f68e239e05c1addc4825bdc8466f67 --guestos

The two SHA256 sums printed above from a) the downloaded CDN image and b) the locally built image, must be identical, and must match the SHA256 from the payload of the NNS proposal.

While not required for this NNS proposal, as we are only electing a new GuestOS version here, you have the option to verify the build reproducibility of the HostOS by passing --hostos to the script above instead of --guestos, or the SetupOS by passing --setupos.

1 Like

Proposal 134185

Vote: ADOPTED.
Reason: All reviewed commits match their description and hashes match.

Review:
For the Execution and Runtime layers, the main changes introduced in this proposal are:

  • Enables the Wasm64 runtime and the canister backtraces features, enables the subnet_info method of the management canister
  • Adds more metrics regarding ingress messages

I’ve reviewed all the commits listed in the proposal, for the Execution and Runtime layers:

c8cfedb4e:
Adds the message_state_transition_received_duration_seconds, message_state_transition_processing_duration_seconds, message_state_transition_received_to_processing_duration_seconds fields to the IngressHistoryWriterImpl struct. All these three fields are histograms and are observed in the set_status method of the IngressHistoryWriterImpl struct, by distinguishing the cases of a message’s status based on the current status read from the replicated state.

9c2d3939f:
Enables the Wasm64 feature on mainnet by setting the wasm64 field of the FeatureFlags struct to enabled in the default value.

72cf10cba:
Changes the set_status method of the IngressHistoryWriterImpl struct to return an Arc of the previous status of the ingress message. The status is got from the set_ingress_status method of the ReplicatedState struct, which has also been updated to return an Arc of the message’s previous status. The previous status of the message is in turn read from the result returned by the insert method of the IngressHistoryState struct, which has also been updated accordingly.
All these changes have been made in order to read the previous status of the message from the ingress_history_writer.set_status call inside the inner_round method of the SchedulerImpl struct. Here, the newly introduced CanisterIngressQueueLatencies struct is passed as an argument and its on_ingress_status_changed method is called with the previous message status state argument. Similar changes have been applied to the purge_expired_ingress_messages of the same struct. The CanisterIngressQueueLatencies is used to observe the canister_ingress_queue_latencies histogram metric of the SchedulerMetrics.

5d68669c9:
Enables the subnet_info method of the management canister by handling the call in the execute_subnet_message method of the ExecutionEnvironment struct. The call is managed by calling the newly introduced subnet_info method of the ExecutionEnvironment struct. Here we check if the provided subnet id is the same as the current subnet id where the canister is being executed before returning the replica version provided to the execute_subnet_message method as argument.

44ab9f36f:
Matches description.

123cf77ac:
Enables the canister backtraces feature on mainnet by setting the canister_backtrace field of the FeatureFlags struct to enabled in the default value and updates tests to check the feature integrity.

6034537f7:
Changes the handling of the node_metrics_history call of the management canister inside the execute_subnet_message of the ExecutionEnvironment struct to return a reject if the call is an ingress message.

3f7fcb995:
Matches description.

7452471b7:
Matches description.

d7cac1965:
Removes the .cloned() call from the get_ingress_status method of the ReplicatedState struct. Updates the is_duplicate method of the ValidSetRuleImpl struct to use a reference for the != comparison.

3e0cf89b2:
Matches description.


Proposal 134186

Vote: ADOPTED.
Reason: All reviewed commits match their description and hashes match.

Review:
This release is the same as the one in 134185 with the addition of the commit e1e8a810e, which matches its description.


Proposal 134187

Vote: ADOPTED.
Reason: All reviewed commits match their description and hashes match.

Review:
This release is the same as the one in 134185 with the addition of the commit 34e659ec3, which matches its description.


Proposal 134188

Vote: ADOPTED.
Reason: All reviewed commits match their description and hashes match.

Review:
This release is the same as the one in 134185 with the addition of the commit 9aaf5ee5e, which matches its description.

2 Likes

proposal - 134185

Vote: ADOPT

Reason:

I successfully built and verified the guest image. All the commits matched their description. Important changes in regard to 64-bit WebAssembly in this release.

Hash Match: MATCH

2 Urls: MATCH

Feedback:

Proposer Check: MATCH

Overall Summary:

This proposal enables the deployment of 64-bit WebAssembly applications on the Internet Computer’s mainnet.

Introduces new metrics to measure how long messages take in canister ingress queues, which is crucial for optimizing canister performance.

Improve fuzz testing, this proposal increases the robustness and security of the codebase by allowing for better detection of bugs or vulnerabilities in Rust components before they reach production.

Commits Summary

675edd43b
After observing prev setting for ACCEPTABLE_FINALIZATION_CERTIFICATION_GAP behaved as expected the number go lowered from 2 to 1.

c8cfedb4e
New metrics added to IngressHistoryWriterImpl struct.

Three new histograms are added to measure message processing durations: from block inclusion to ingress queue, from creation to execution start, and from induction to execution.

9c2d3939f
Enables wasm64 to mainnet. Ship it!

72cf10cba
Tracking and aggregation of per-canister ingress queue latencies. A new CanisterIngressQueueLatencies struct calculates and observes message processing latencies.

set_status returns the previous ingress status wrapped in Arc<IngressStatus>, enabling tracking and efficient sharing of state transitions for latency measurement.

5d68669c9
SubnetInfo method in the management canister interface, allowing canisters to query details about their subnet, including the replica version.

44ab9f36f
Enhance fuzz testing capabilities for Rust binaries. A new allow_main parameter enables fuzzers to export a main function when needed, and logic was added to conditionally link the appropriate LLVM fuzzer runtime libraries based on this parameter.

123cf77ac
Enables canister backtraces on trap.

f96077d44
Reworks the ic-boundary CLI by regrouping and renaming commands, moving HTTP client/server functionality to ic-bn-lib, and transitioning to environment variable-based configuration like ic-gateway. Shedding is enabled for API boundary nodes, and size limits for governance and ledger canisters were increased to address dependency-related growth.

ed45bab1d
The PageMap and Storage components now support lazy loading, allowing for deferred initialization of storage structures to optimize memory and performance. This includes a new lazy_load method and checks for whether storage is loaded.

The checkpointing logic has been updated to include validation of storage overlays before marking checkpoints as verified. This ensures data integrity by validating all related files during checkpoint operations.

4e83be165
Rename and convert several configuration fields (e.g., nns_public_key_exists, use_ssh_authorized_keys, inject_ic_crypto) to booleans for clarity and efficiency. New fields, such as hostname and generate_ic_boundary_tls_cert, are added to GuestOSDevSettings to support testing and creating testnets with API boundary nodes. The configuration system now includes a config_version field, unit tests for versioning, a protocol for updates, and the decoupling of domain_name from ipv4_config.

b477d5932
Updated BASE_IMAGE with most recent image.

32d152815
Removes the retry logic with exponential backoff and associated exception handling.

01d3b177a
New package dante-server.

c582bfe2c
Updated BASE_IMAGE with most recent image.

bda7e8c90
recv_stream is dropped before any interaction with the send_stream on the receiving side. It also updates log statements to use debug formatting ({:?}), providing clearer insights into error causes. These changes enhance reliability and debugging clarity in the QuicTransport module.

e500f911f
ResetStreamOnDrop guard to replace the previous SendStreamDropGuard, ensuring QUIC streams reset properly on drop. Functions like read_request and write_response have been renamed to to_request and to_response_bytes for better alignment with their purpose, with minimal or no changes to their core logic.

c578a156b
Removes the addition of the peer_id as an extension to the RPC response, as it is unnecessary since the caller already knows the peer_id.

e5faeaaf7
interactive-install and interactive-debug modes for SetupOS, enabling automatic installation with reboot or interactive debugging without installation, streamlining testing and debugging workflows. Disk image handling is optimized by replacing tarballing with direct copying. Outdated launch-* targets are removed, HostOS and GuestOS installation processes are accelerated, and documentation is updated to guide developers in interactive SetupOS usage.

9c1e7fe78
Matches description of timestamp is regenerated whenever a new branch is checked out.

47a2a110a
Matches description of fix permissions for nftables and systemd-journald

fc375b15a
This is a revert of commit that introduced Move bootloader off dockerhub. Commit c582bfe2cc97e2dc2d49a55d050dd452dda9dbfc

896cafb19
Replacing the current RequestId structure, which includes PseudoRandomId and PreSigId, with the CallbackId directly. Compatibility with vet KD requests that lack PseudoRandomId or PreSigId.

6034537f7
Adds a validation step to distinguish between Ingress and Request calls for the NodeMetricsHistory method, explicitly rejecting unexpected Ingress calls.

Addresses potential vulnerability where malicious nodes could exploit this behavior.

3f7fcb995
Doesn’t pass wasm enabled arg to declare_variable.

7452471b7
Restructures and enhances the fuzzer execution. Dedicated fuzzer_sandbox module. This ensures a cleaner organization of fuzzer-related code.

If the intention was different or further technical details were observed, let me know for further refinement!

8b01b687e
Matches description of upgrading core crates.

b1c0f8ccc
Update multiple Rust dependencies to newer versions, including borsh, borsh-derive, rust_decimal, toml_datetime, and introducing new dependencies like cfg_aliases, once_cell, and winnow.

073f73166
Remove TODOS

2d68a2e31
observe_conn_error, observe_read_error, and observe_write_error to encapsulate error classification and increment metrics

into_request_bytes and to_response for handling request serialization and response deserialization.

3f1716678
Refactors the ConnectionHandle struct in the QUIC transport implementation for improved encapsulation and thread-safe connection ID management. Replaces the manual connection ID counter with a static AtomicU64 for generating unique connection IDs in a thread-safe manner.

4bd76d3bc
Refactoring of the ConnectionHandle struct to make the conn_id and metrics fields public and simplify their initialization. The RPC method documentation was updated to clarify its behavior and emphasize the transient nature of errors in the context of QUIC transport.

8b2932783
Add more logging HSM successfully detected.

7990ce66d
Update base image refs.

d7cac1965
Replaces the return type of get_ingress_status from an owned IngressStatus to a borrowed &IngressStatus, optimizing memory usage by avoiding unnecessary cloning.

3c3d9cd36
Migrates ECDSA and related cryptographic types (such as Schnorr and VetKd keys) from registry.crypto.v1 to a new module types.v1, resulting in a namespace shift across multiple Protobuf and Rust files. It replaces all references to these types, ensuring compatibility by updating imports and fields in generated Protobuf code and associated implementations.

da0106cac
Replace generate-replica-config.sh script with generate-ic-config.sh to centralize and standardize the generation of the ic.json5 configuration file. New service dependencies, such as generate-ic-config.service, are introduced to align with the updated configuration flow.

ae957017c
The HasId<NiDkgTag> trait for NiDkgTranscript ensures that the NiDkgTag can be derived directly from NiDkgTranscript, making the tag field in pb::TaggedNiDkgTranscript redundant.

3e0cf89b2
Replaces the build-time dependency include_bytes!("universal-canister.wasm.gz") with a runtime approach that reads the universal canister WASM file via the get_universal_canister_wasm() function. This aligns with treating the universal canister like other canisters, as described in the commit.

3ad26ca77
Refactors tests related to the cycles minting canister, improving clarity and modularity for validating operations like canister creation and top-ups. Dependencies and configurations are updated to support the reorganized tests.

proposal - 134186

Vote: ADOPT

Reason:

I successfully built and verified the guest image.

Hash Match: MATCH

2 Urls: MATCH

Feedback: NONE

Proposer Check: MATCH

e1e8a810e
ENABLE HASHES_IN_BLOCKS_FEATURE_ENABLED

proposal - 134187

Vote: ADOPT

Reason:

I successfully built and verified the guest image.

Hash Match: MATCH

2 Urls: MATCH

Feedback: NONE

Proposer Check: MATCH

34e659ec3
Update base images and kernel to 6.11

proposal - 134188

Vote: ADOPT

Reason:

I successfully built and verified the guest image.

Hash Match: MATCH

2 Urls: MATCH

Feedback: NONE

Proposer Check: MATCH

34e659ec3
Revert commit for feat: Upgrade GuestOS to 24.04.

Adjustments included aligning services like node_exporter with appropriate systemd targets and streamlining SELinux policies by removing redundant permissions.

1 Like

Proposal #134185

Vote: Adopted
Reason: Builds fine and the hash matches along with all the listed commits.

Review of commits

Features:

4e83be165 Interface,Node:
Refactors the IC-OS Config tool and adds config versioning.
b477d5932 Node:
Move bootloader off dockerhub, this time to a more recent ubuntu image.
32d152815 Node:
Done by removing the retry function from docker build that used to retry 3 times with increased tiemouts in case that an exception was raised.
01d3b177a Node: install dante-server in base image (#2231)
Adds dante-server to the package list that is required by GuestOS, this being a requirement to setup the SOCKS proxy on the API boundary nodes in order to enable IPv4 HTTP outcalls.
c582bfe2c Node:
Moves bootloader off dockerhub, but it gets reverted since it breaks some testing.

Bugfixes:

bda7e8c90 Interface,Networking:
Fixes that before calls are made to any method of send_stream the recv_stream is dropped, with some log improvements.
Only accesses the send_stream after the recv_stream has been dropped + reformats a few log messages.
e500f911f Interface,Networking:
Refactoring to make sure QUIC send stream resets as intended after a drop, with additional error metrics added.
c578a156b Interface,Networking:
Removes peer_id from the response of the rpc method since there is no need for it as the caller already knows it.
e5faeaaf7 Interface,Node(icos):
Adds many testing and performance improvements to SetupOS. The comprehensive detailed description is a match.
9c1e7fe78 Node:
Regenerates commit timestamp for every new branch checkout using .git/index.
47a2a110a Node:
Fix permissions for nftables and systemd-journald matches description.
fc375b15a Node:
Revert for c582bfe2c broken move for bootloader off dockerhub.

Chores:

896cafb19 Consensus,Interface(idkg):
Using CallbackId to identify a call context instead of RequestId that contains both PseudoRandomId and PreSigId.
This way RequestId can be reused for vet KD requests.
6034537f7 Execution,Interface:
Adds a guard node_metrics_history against ingress.
The Ic00Method::NodeMetricsHistory method processes incoming messages (msg) and categorizes them based on their type (Ingress or Request).
Ingress calls are unexpected for this method (Ic00Method::NodeMetricsHistory).
The function calls self.reject_unexpected_ingress with the method as an argument to reject the message and return an error response.
3f7fcb995 Execution,Interface:
It simplifies the instruction benchmarks for Wasm64 by removing wasm64_enabled parameter that determines whether the Wasm64 mode is enabled.
7452471b7 Execution,Interface(fuzzing):
Adds the fuzzer_sandbox library to enable canister sandboxing for fuzzers.
The fuzzer_main function allows for modular extensions and conditional execution based on runtime arguments.
8b01b687e Interface:
Upgrades of some core crates.
b1c0f8ccc Interface:
Version upgrade for both rust_decimal and rust_decimal_macros from 1.25.0 to 1.36.0.
073f73166 Interface,Message Routing:
Removes 3 old TODOS from the payload_builder
2d68a2e31 Interface,Networking:
Improves the error tracking metrics in QUIC transport. Adds observe_conn_error function to monitor and classify connection errors, observe_write_error function for tracking and categorizing write errors and provide actionable insights into the nature and frequency of write issues while the observe_read_error function does the same for read errors.
3f1716678 Interface,Networking:
Refactoring to make QUIC transport more readable.
4bd76d3bc Interface,Networking:
Adding more documentation for QUIC transport to the implementation of ConnectionHandle for the RPC function and improvements to error handling.
8b2932783 Node:
Adds logging to the insert_hsm_if_necessary shell script function in the setup-hostos-config.sh script used to check for the presence of a specific private key file (node_operator_private_key.pem) in a config dir. If the file is missing, it waits for a Nitrokey HSM (Hardware Security Module) USB device to be plugged into the system, checking repeatedly until the device is detected or a timeout occurs.
7990ce66d Node:
Update IC-OS base image references.

Refactoring:

d7cac1965 Execution,Interface:
Instead of cloning ingress status returns a reference to IngressStatus, either the value found in ingress_history ur the default value IngressStatus::Unknown if the key is absent.
3c3d9cd36 Interface(crypto):
This one moves the MasterPublicKeyId protobuf along with types (EcdsaCurve, EcdsaKeyId, SchnorrAlgorithm, SchnorrKeyId, VetKdCurve, VetKdKeyId) from the registry.crypto.v1 to types.v1 without any changes.
da0106cac Node:
The generate-replica-config.sh is renamed to generate-ic-config.sh after the added generate-ic-config.service .

Tests:

ae957017c Consensus,Interface:
Adds the HasId<NiDkgTag> trait for NiDkgTranscript as part of removal of pb::TaggedNiDkgTranscript to be replaced by pb::NiDkgTranscript that already has NiDkg.
3e0cf89b2 Execution,Interface(IDX):
Instead of having it included during build-time as include_bytes it now reads the universal canister file in the get_universal_canister_wasm() function that loads and returns the WASM from a file path specified, at run-time in order to treat it the same way as any other canister. The UNIVERSAL_CANISTER_WASM can’t be used from rs/universal_canister/lib/src/lib.rs
because in system-tests paths to runtime dependencies need to be set and we have to get via get_dependency_path(path).
3ad26ca77 Interface(IDX):
Moves more NNS system test logic directly within the main application code, rather than having them as part of a separate test suite.
This is done to ensure tests are more tightly coupled with the implementation logic they are validating, making it easier to verify specific NNS system behaviors during development, mainly related to the cycles minting canister.

Proposal #134186

Vote: Adopted
Reason: Builds fine and the hash matches.

Review:

The only one additional change is
Features:
e1e8a810e Interface,Networking, Consensus: Enable the hashes-in-blocks feature.
This is done by setting HASHES_IN_BLOCKS_FEATURE_ENABLED feature falg to true. Matches description.

Proposal #134187

Vote: Adopted
Reason: Builds fine and the hash matches.

Review:

The only one additional change is
Other changes:
34e659ec3 Node: Squashed commit of the following:
Settings for the GuestOS dockerfile to force using the specific 6.11 kernel for the base image, it matches the description.

Proposal #134188

Vote: Adopted
Reason: Builds fine and the hash matches.

Review:

The only one additional change is
Other changes:
9aaf5ee5e Node: Revert “feat: Upgrade GuestOS to 24.04 (#938)”
Reverts 87ed927. Matches description.

I accidentally posted my earlier review as a reply to cyberowl, so I deleted it and am posting it again…

Proposal 134185: Adopt

I have successfully run the build verification script and in my opinion all of the commits look fine.

Features:

  • 675edd43b Consensus,Interface: Reduce acceptable finalization-certification gap to one (#2565)
    Review: Looks fine + matches description
    Notes: Reduces the ACCEPTABLE_FINALIZATION_CERTIFICATION_GAP constant from 2 to 1, which means notarization will start to be delayed whenever finalization is more than 1 block behind certification.

  • c8cfedb4e Execution,Interface: Measure block maker to induction / execution latency (#2498)
    Review: Looks fine + matches description
    Notes: Adds metrics to track message latencies from block making to induction and execution.

  • 9c2d3939f Execution,Interface: EXC: Enable Wasm64 (#2562)
    Review: Looks fine + matches description
    Notes: Set the wasm64 flag to enabled, allowing support for canisters running in wasm64 mode.

  • 72cf10cba Execution,Interface: Measure per-canister mean ingress queue latency (#2511)
    Review: Looks fine + matches description
    Notes: Adds the CanisterIngressQueueLatencies struct which collects the latency of each canister’s ingress messages then writes them to a histogram at the end of each round.

  • 5d68669c9 Execution,Interface: Make subnet replica version available to canisters via management API (#2202)
    Review: Looks fine + matches description
    Notes: Adds the subnet_info management canister function which returns a struct containing the replica_version.

  • 44ab9f36f Execution,Interface(fuzzing): Add a new fuzzer to fuzz system API calls via StateMachine tests (#1649)
    Review: Looks fine + matches description
    Notes: Adds the execute_system_api_call fuzz target, which installs a canister wasm, then executes each function exported by the wasm.

  • 123cf77ac Execution,Interface: Enable Canister Backtraces (#2403)
    Review: Looks fine + matches description
    Notes: Sets the canister_backtrace flag to enabled and cleans up some test code which covers backtraces.

  • f96077d44 Interface: rework ic-boundary CLI, bump ic-gateway (#2451)
    Review: Looks fine + matches description
    Notes: Updates the ic-bn-lib dependency, cleans up a load of code to work with the new version (eg. renames lots of variables and config options), and switches over to using the load shedding functionality now provided by ic-bn-lib.

  • ed45bab1d Interface,Message Routing: Lazy pagemaps (#1137)
    Review: Looks fine + matches description
    Notes: Modifies the Storage struct to only lazily load the underlying StorageImpl when required, reducing the number of open files during checkpointing.

  • 4e83be165 Interface,Node: refine config tool and add config versioning (#2299)
    Review: Looks fine + matches description
    Notes: Refactors and extends the IC-OS config tool, this includes updating names and types of config values, introducing config_version fields on each of the configuration structs, and introducing new types which help generate various IC-OS configurations.

  • b477d5932 Node: Move bootloader off dockerhub (#2593)
    Review: Looks fine + matches description
    Notes: Updates the Bootloader image and now fetches it from the GitHub Container Registry rather than from Dockerhub.

  • 32d152815 Node: Remove retries from docker build (#2500)
    Review: Looks fine + matches description
    Notes: Removes code which would re-run the docker build after a short delay up to 3 times if it failed.

  • 01d3b177a Node: install dante-server in base image (#2231)
    Review: Looks fine + matches description
    Notes: Adds dante-server to the list of required packages for GuestOS.

  • c582bfe2c Node: Move bootloader off dockerhub (#2475)
    Review: Looks fine + matches description
    Notes: This was a first attempt at moving the Bootlader off Dockerhub which ended up being reverted, b477d5932 is then the fixed version.

Bugfixes:

  • bda7e8c90 Interface,Networking: drop the recv_stream before any calls to the send_stream on the receive side, also format correctly log statements so we can see the causes of the errors (#2591)
    Review: Looks fine + matches description
    Notes: Only accesses the send_stream after the recv_stream has been dropped + reformats a few log messages.

  • e500f911f Interface,Networking: reset send streams the futures get aborted and improve error reporting on the receive side of the quic transport (#2566)
    Review: Looks fine + matches description
    Notes: As far as I can tell there is no functionality change here, it just refactors quic transport to move error handling and request/response builders into separate functions.

  • c578a156b Interface,Networking: don’t add the peer id in the extensions for the rpc method (#2504)
    Review: Looks fine + matches description
    Notes: Removes the peer_id field from ConnectionHandle because each caller initiating the connection already knows the peer Id.

  • e5faeaaf7 Interface,Node(icos): Several testing and performance improvements to SetupOS (#2077)
    Review: Looks fine + matches description
    Notes: Updates a load of IC-OS setup scripts, allows checks to optionally be skipped so that the scripts execute faster in test mode, adds more details to errors, adds more documentation, plus a few other improvements.

  • 9c1e7fe78 Node: Depend on .git/index in commit_timestamp_txt (#2516)
    Review: Looks fine + matches description
    Notes: During Bazel build, makes the commit_timestamp_txt file depend on .git/index so that a new commit timestamp is generated each time a new branch is checked out.

  • 47a2a110a Node: fix permissions for nftables and systemd-journald (#2488)
    Review: Looks fine + matches description
    Notes: Fixes access permissions for nftables and systemd-journald.

  • fc375b15a Node: revert "feat: Move bootloader off dockerhub (#2475)" (#2506)
    Review: Looks fine + matches description
    Notes: Reverts c582bfe2c which was later fixed in b477d5932.

Chores:

  • 896cafb19 Consensus,Interface(idkg): Replace pseudo-random and pre-signature IDs in RequestId with single CallbackId (#2054)
    Review: Looks fine + matches description
    Notes: Stores signatures in a map keyed by their callbackId rather than a pseudorandom value since the callbackId is already unique per key.

  • 6034537f7 Execution,Interface: Guard node_metrics_history against ingress (#2549)
    Review: Looks fine + matches description
    Notes: Adds a guard to the node_metrics_history endpoint so that it can’t be called via ingress message.

  • 3f7fcb995 Execution,Interface: EXC: Minor change to instruction benchmarks (#1546)
    Review: Looks fine + matches description
    Notes: Small cleanup of wasm instrumentation benchmarks, avoiding the need to passin the wasm64 arg to the define_variables_and_functions function.

  • 7452471b7 Execution,Interface(fuzzing): enable canister sandboxing for fuzzers (#2513)
    Review: Looks fine + matches description
    Notes: Enables canister sandboxing for the execute_subnet_message_update_settings fuzz tests.

  • 8b01b687e Interface: upgrade core crates (#2507)
    Review: Looks fine + matches description
    Notes: Upgrades a load of dependencies.

  • b1c0f8ccc Interface: upgrade rust_decimal and rust_decimal_macros (#2508)
    Review: Looks fine + matches description
    Notes: Upgrades rust_decimal and rust_decimal_macros to version 1.36.0.

  • 073f73166 Interface,Message Routing: Remove old TODOs in the payload builder (#2538)
    Review: Looks fine + matches description
    Notes: Removes a few TODO comments that are no longer applicable.

  • 2d68a2e31 Interface,Networking: improve error tracking in transport (#2552)
    Review: Looks fine + matches description
    Notes: Improves the error tracking metrics within quic transport to track the various types of errors.

  • 3f1716678 Interface,Networking: another readability pass over quic transport (#2540)
    Review: Looks fine + matches description
    Notes: Refactors quic transport to make it more readable.

  • 4bd76d3bc Interface,Networking: add more documentation to the quic transport code and make some errors infallible (#2515)
    Review: Looks fine + matches description
    Notes: More refactoring of quic transport adding documentation and small adjustments to error handling.

  • 8b2932783 Node: Add logging to insert_hsm_if_necessary (#2577)
    Review: Looks fine + matches description
    Notes: Add logging to insert_hsm_if_necessary to highlight which branch was taken.

  • 7990ce66d Node: Update Base Image Refs [2024-11-07-0808] (#2477)
    Review: Looks fine + matches description
    Notes: Updates the IC-OS base image references.

Refactoring:

  • d7cac1965 Execution,Interface: Do not clone in ReplicatedState::get_ingress_status() (#2505)
    Review: Looks fine + matches description
    Notes: Avoids cloning the ingress status in get_ingress_status by making it return a reference rather than an owned value.

  • 3c3d9cd36 Interface(crypto): move MasterPublicKeyId protobuf from registry/crypto to types (#2406)
    Review: Looks fine + matches description
    Notes: Moves the proto definitions of a few types from registry/crypto to types/v1.

  • da0106cac Node: create generate-ic-config.service (#2343)
    Review: Looks fine + matches description
    Notes: Removes duplication by creating the generate-ic-config.service service and switching a few places to using it.

Tests:

  • ae957017c Consensus,Interface: Prepare cup_compatibility_test for removal of pb::TaggedNiDkgTranscript (#2537)
    Review: Looks fine + matches description
    Notes: Implements the HasId trait for NiDkgTranscript which is the first step in being able to remove pb::TaggedNiDkgTranscript.

  • 3e0cf89b2 Execution,Interface(IDX): depend on the universal canister at run-time instead of at build-time (#2502)
    Review: Looks fine + matches description
    Notes: Modifies tests to read the universal canister from a file at run time rather than having the bytes included during build time.

  • 3ad26ca77 Interface(IDX): inline more NNS system-tests (#2574)
    Review: Looks fine + matches description
    Notes: Moves the location of a few NNS tests.

Proposal 134186: Adopt

I have successfully run the build verification script and the only additional commit simply enables the HASHES_IN_BLOCKS_FEATURE_ENABLED feature flag.

Proposal 134187: Adopt

I have successfully run the build verification script and the only additional commit looks fine and bumps the Linux Kernel version to 6.11.

Proposal 134188: Adopt

I have successfully run the build verification script and the only additional commit simply reverts a previously included commit which bumped the Ubuntu version to 24.04.

1 Like

Proposal: 134185

Summary:

  1. Build Hash: Build has from the proposal, local build and CDN matches and is “686b4ab143a1e196a040fa5a6ccaa430b5460843751a069423da44771644fd56”.
  2. Summary: The release notes matches the code changes
  3. Vote: I vote to adopt the proposals

Detailed Review:

Features:

  • 675edd43b Consensus,Interface: Reduce acceptable finalization-certification gap to one (#2565)
    Notes: Verified that ACCEPTABLE_FINALIZATION_CERTIFICATION_GAP has been reduced to 1 from 2. This is in continuation to a previous PR #2450 to further reduce the acceptable gap between the last certified and finalized heights to one round.
    Review: Code changes look good and match release notes.
  • c8cfedb4e Execution,Interface: Measure block maker to induction / execution latency (#2498)
    Notes: Verified that 3 new histograms have been added to “IngressHistoryWriterImpl” structure namely, transition received, transition processing and transition received to processing (duration-seconds). These new histograms will measure time taken by message to get from block maker into ingress queue, Time taken by messages to get from block maker to execution, Time spent by messages between induction and execution. A minor change is also there where the function system_time_now is made public.
    Review: Code changes look good and match release notes.
  • 9c2d3939f Execution,Interface: EXC: Enable Wasm64 (#2562)
    Notes: Verified the code changes and the flag wasm64 has been enabled and certain memory64 exception related code has been removed.
    Review: Code changes look good and match release notes.
  • 72cf10cba Execution,Interface: Measure per-canister mean ingress queue latency (#2511)
    Notes: A new structure CanisterIngressQueueLatencies has been included which aggregates and observes per-canister ingress queue latencies. The implementation of the function on_ingress_status_changed() has been implemented to record the per-canister ingress queue latency of a message and later there is a functionality to calculate the per-canister mean ingress latency of a queue. In function set_status, Arc library has been added to the variable IngressStatus, keeping track of the ingress latency which helps in calculating the mean latency.
    Review: Code changes look good and match release notes.
  • 5d68669c9 Execution,Interface: Make subnet replica version available to canisters via management API (#2202)
    Notes: The function subnet_info() has been implemented to make subnet replica version available to the canister via Management API. A new public struct SubnetInfoResponse has been added to management canister type, which returns replica_version.
    Review: Code changes look good and match release notes.
  • 44ab9f36f Execution,Interface(fuzzing): Add a new fuzzer to fuzz system API calls via StateMachine tests (#1649)
    Notes: Fuzz Testing has been added to the system API to check the vulnerabilities in the code. Verified that the relevant fuzzer code has been added to the file execute_system_api_call.rs. A new variable allow_main is included to control the fuzzer functionality.
    Review: Code changes look good and match release notes.
  • 123cf77ac Execution,Interface: Enable Canister Backtraces (#2403)
    Notes: Verified the feature flag canister_backtrace is enabled now. This enables the canister backtrace to be returned on trap.
    Review: Code changes look good and match release notes.
  • f96077d44 Interface: rework ic-boundary CLI, bump ic-gateway (#2451)
    Notes: There has been some rework done to ic-boundary CLI command has been regrouped and renamed. A refactor has happened where http server and client cli code has been moved to a library ic-bin-lib. Better use of environment variables have been made to configure the ic-boundary. Shedding has been added for API boundary nodes. A minor code change has been added to bump up the size limits governance and ledger canisters.
    Review: Code changes look good and match release notes.
  • ed45bab1d Interface,Message Routing: Lazy pagemaps (#1137)
    Notes: verified the lazy load functionality has been implemented in the function lazy_load to introduce lazy opening of files. Previously loading all pagemaps was putting too much pressure on the Kernel RAM. With the lazy-load now the memory pages are allocated or initialized only when accessed.
    Review: Code changes look good and match release notes.
  • 4e83be165 Interface,Node: refine config tool and add config versioning (#2299)
    Notes: certain config changes has been made such as:
  1. the renaming of variables for example, domain to domain_name
  2. Change of types to boolean for example, nns_public_key_exists, node_operator_private_key_exists.
  3. Two additional settings have been added to struct GuestOSDevSettings namely, hostname and generate_ic_boundary_tls_cert.
  4. Couple of config commands has been added namely, GenerateGuestosConfig and GenerateTestnetConfig
  5. Config_version has been added to SetupOSConfig
    Review: Code changes look good and match release notes.
  • b477d5932 Node: Move bootloader off dockerhub (#2593)
    Notes: Verified Base image references have been changed.
    Review: Code changes look good and match release notes.
  • 32d152815 Node: Remove retries from docker build (#2500)
    Notes: Verified that the retry logic has been removed from the docker build.
    Review: Code changes look good and match release notes.
  • 01d3b177a Node: install dante-server in base image (#2231)
    Notes: Verified that the dante-server is included in the base image for SOCKS proxy on the API boundary node.
    Review: Code changes look good and match release notes.
  • c582bfe2c Node: Move bootloader off dockerhub (#2475)
    Notes: Similar to previous change the base image references have been changed and verified now it’s pointing to ghcr.io instead of dockerhub.
    Review: Code changes look good and match release notes.

Bugfixes:

  • bda7e8c90 Interface,Networking: drop the recv_stream before any calls to the send_stream on the receive side, also format correctly log statements so we can see the causes of the errors (#2591)
    Notes: recv_stream is dropped before making any calls to send_stream. Changes have been made in handle_bi_stream function. This PR also contains logging and formatting related changes, to debug and understand errors better
    Review: Code changes look good and match release notes.
  • e500f911f Interface,Networking: reset send streams the futures get aborted and improve error reporting on the receive side of the quic transport (#2566)
    Notes: Verified the fix when send streams are reset, the associated futures are properly aborted, preventing potential resource leaks or unintended behaviour. Also some changes are made on error reporting mechanisms on the receive side of quic transport when error occurs on data reception.
    Review: Code changes look good and match release notes.
  • c578a156b Interface,Networking: don’t add the peer id in the extensions for the rpc method (#2504)
    Notes: Unused / unwanted peer id is removed from the response in the extension as the caller already has it.
    Review: Code changes look good and match release notes.
  • e5faeaaf7 Interface,Node(icos): Several testing and performance improvements to SetupOS (#2077)
    Notes: Several testing and performance improvements have been made to SetupOS. The new testing feature now supports two modes of SetupOS install. Along with Automatic mode, now it supports interactive debug mode too without install. Performance changes has been made by creating a new disk image variant that does not tarball the SetupOS, rather image is copied to a temp directory which is near instantaneous. Non-sensical launch-* targets in the dev environments have been removed.
    Review: Code changes look good and match release notes.
  • 9c1e7fe78 Node: Depend on .git/index in commit_timestamp_txt (#2516)
    Notes: Changes addresses generation of timestamp when a new branch is checkedout.
    Review: Code changes look good and match release notes.
  • 47a2a110a Node: fix permissions for nftables and systemd-journald (#2488)
    Notes: Code changes allow nftables to read from /dev/urandom, also allows systemd-journald to access procfs symlinks of canister sandbox process.
    Review: Code changes look good and match release notes.
  • fc375b15a Node: revert “feat: Move bootloader off dockerhub (#2475)” (#2506)
    Notes: Its a revert of a previous commit. May be some more fixes will be needed to move bootloader off dockerhub.
    Review: Code changes look good and match release notes.

Chores:

  • 896cafb19 Consensus,Interface(idkg): Replace pseudo-random and pre-signature IDs in RequestId with single CallbackId (#2054)
    Notes: The PseudoRandomId and PreSigId are removed from RequestId, instead CallbackId is being used directly. This will also allow RequestID to be used for vet KD requests.
    Review: Code changes look good and match release notes.

  • 6034537f7 Execution,Interface: Guard node_metrics_history against ingress (#2549)
    Notes: A validation has been introduced to explicitly reject unexpected ingress message for node_metrics_history method. There are a couple of tests changes as well around this node_metrics_history.
    Review: Code changes look good and match release notes.

  • 3f7fcb995 Execution,Interface: EXC: Minor change to instruction benchmarks (#1546)
    Notes: This PR simplifies instruction benchmarks for wasm64 by removing wasm64_encoded argument from declare_variable and define_variable_and functions.
    Review: Code changes look good and match release notes.

  • 7452471b7 Execution,Interface(fuzzing): enable canister sandboxing for fuzzers (#2513)
    Notes: The fuzzer related code has been moved to a separate lib file to invoke canister sandbox.
    Review: Code changes look good and match release notes.

  • 8b01b687e Interface: upgrade core crates (#2507)
    Notes: Verified that the code changes are there for crates upgrades.
    Review: Code changes look good and match release notes.

  • b1c0f8ccc Interface: upgrade rust_decimal and rust_decimal_macros (#2508)
    Notes: Upgraded rust_decimal to 1.36.0 and rust_decimal_macros to 1.36.0
    Review: Code changes look good and match release notes.

  • 073f73166 Interface,Message Routing: Remove old TODOs in the payload builder (#2538)
    Notes: Minor old TODO comments are removed.
    Review: Code changes look good and match release notes.

  • 2d68a2e31 Interface,Networking: improve error tracking in transport (#2552)
    Notes: The error tracking has been improved in quic transport in connection_handler.rs where observe_conn_error,observe_read_error,observe_write_error are introduced for encapsulating error classification.
    Review: Code changes look good and match release notes.

  • 3f1716678 Interface,Networking: another readability pass over quic transport (#2540)
    Notes: There are changes in COnnectionHandle for its initialization and exposing conn_id and conn itself.
    Review: Code changes look good and match release notes.

  • 4bd76d3bc Interface,Networking: add more documentation to the quic transport code and make some errors infallible (#2515)
    Notes: Documentation has been added in ConnectioNHandle in quic transport and corrected some error reporting.
    Review: Code changes look good and match release notes.

  • 8b2932783 Node: Add logging to insert_hsm_if_necessary (#2577)
    Notes: Added a helpful log around insertion of hsm key.
    Review: Code changes look good and match release notes.

  • 7990ce66d Node: Update Base Image Refs [2024-11-07-0808] (#2477)
    Notes: BASE Image references changes.
    Review: Code changes look good and match release notes.

Refactoring:

  • d7cac1965 Execution,Interface: Do not clone in ReplicatedState::get_ingress_status() (#2505)
    Notes: next_state is now passed as a immutable reference, and hence there is no need to clone.
    Review: Code changes look good and match release notes.
  • 3c3d9cd36 Interface(crypto): move MasterPublicKeyId protobuf from registry/crypto to types (#2406)
    Notes: This code change is a refactor in which MasterPublicKeyId protobuf is moved from registry.crypto.v1 to types.v1,
    Review: Code changes look good and match release notes.
  • da0106cac Node: create generate-ic-config.service (#2343)
    Notes: generate-replica-config has been renamed to generate-ic-config and has been organized is a separate service to be able to be used by both ic-replica.service and ic-crypto-csp.
    Review: Code changes look good and match release notes.

Tests:

  • ae957017c Consensus,Interface: Prepare cup_compatibility_test for removal of pb::TaggedNiDkgTranscript (#2537)
    Notes: cup_compatibility_test has been modified to replace pb::TaggedNiDkgTranscript with pb::NiDkgTranscript as NiDkg tag is also already part of pb::NiDkgTranscript.
    Review: Code changes look good and match release notes.
  • 3e0cf89b2 Execution,Interface(IDX): depend on the universal canister at run-time instead of at build-time (#2502)
    Notes: The build time dependency include_bytes!(“universal-canister.wasm.gz”) is replaced with a run time function call get_universal_canister_wasm().
    Review: Code changes look good and match release notes.
  • 3ad26ca77 Interface(IDX): inline more NNS system-tests (#2574)
    Notes: There is a bit of refactoring in nns system tests related to cycle minting canister. Couple of dependencies and configs are also changed.
    Review: Code changes look good and match release notes.

Proposal: 134186

Summary:

  1. Build Hash: Build has from the proposal, local build and CDN matches and is “48c6b2a0778c2df1dca24599d2a241d49437b3d1af19e43e3cb388d26f0a358e”.
  2. Summary: The release notes matches the code changes
  3. Vote: I vote to adopt the proposals

Features:

e1e8a810e Interface,Networking(Consensus): Enable the hashes-in-blocks feature
Notes: HASHES_IN_BLOCKS_FEATURE_ENABLED has been made true.
Review: Code changes look good and match release notes.

Proposal: 134187

Summary:

  1. Build Hash: Build has from the proposal, local build and CDN matches and is “c6857ecf2ab737850ff4aa4445bf57417d5fb302c00117bfb3b8ba3d1bde41b8”.
  2. Summary: The release notes matches the code changes
  3. Vote: I vote to adopt the proposals

Other changes:

  • 34e659ec3 Node: Squashed commit of the following:
    Notes: Updated base image references, and added support for 6.11 kernel in guesos docker file
    Review: Code changes look good.

Proposal: 134188

Summary:

  1. Build Hash: Build has from the proposal, local build and CDN matches and is “9e46f02cb518988551950508b1792afb096e186693a99d7f6281c0ec3c2c50fd”.
  2. Summary: The release notes matches the code changes
  3. Vote: I vote to adopt the proposals

Other changes:

9aaf5ee5e Node: Revert “feat: Upgrade GuestOS to 24.04 (#938)”
Notes:Its a simple revert of guestos upgrade to 24.04
Review: Code changes matches release notes and look good.

Proposal 134185

Summary

  1. Vote: Adopt
  2. Hash: All the hashes match
  3. Reasons to adopt: The release notes match the commits and the code changes. Builds successfully and all the hashes match

Commits

Features

  • 675edd43b
    Summary: Reduce acceptable finalization-certification gap to one
    Notes: The acceptable finalization-certification gap has been decreased from 2 to 1, continuing the effort started in PR #2450. The goal is to further minimize the gap between the last certified and finalized heights.
    Review: Code changes matches the commit message.

  • c8cfedb4e
    Summary: Measure block maker to induction / execution latency
    Notes: Three new histograms have been added to the “IngressHistoryWriterImpl” structure: transition received, transition processing, and transition received to processing (duration-seconds). These histograms track the time a message takes to move from block maker to ingress queue, from block maker to execution, and between induction and execution. Additionally, the function system_time_now has been made public.
    Review: Code changes matches the commit message.

  • 9c2d3939f
    Summary: Enable Wasm64
    Notes: Verified that the wasm64 flag is enabled and the necessary memory64 exception code has been removed.
    Review: Code changes matches the commit message.

  • 72cf10cba
    Summary: Measure per-canister mean ingress queue latency
    Notes: Introduced CanisterIngressQueueLatencies structure to aggregate and monitor per-canister ingress queue latencies. The on_ingress_status_changed() function records the latency, and there is a mechanism to calculate the mean latency for each canister. Additionally, the Arc library is used in IngressStatus to keep track of ingress latency.
    Review: Code changes matches the commit message.

  • 5d68669c9
    Summary: Make subnet replica version available to canisters via management API
    Notes: The subnet_info() function was implemented, allowing the canister to obtain the subnet replica version. Added a SubnetInfoResponse struct to the management canister type, which returns the replica_version.
    Review: Code changes matches the commit message.

  • 44ab9f36f
    Summary: Add a new fuzzer to fuzz system API calls via StateMachine tests
    Notes: Implemented fuzz testing for the system API to identify vulnerabilities. Relevant fuzzer code was added to execute_system_api_call.rs, and a variable allow_main was introduced to manage fuzzer functionality.
    Review: Code changes matches the commit message.

  • 123cf77ac
    Summary: Enable Canister Backtraces
    Notes: Verified that the canister_backtrace feature flag is now enabled, allowing canister backtraces to be returned upon trap.
    Review: Code changes matches the commit message.

  • f96077d44
    Summary: rework ic-boundary CLI, bump ic-gateway
    Notes: The ic-boundary CLI command has been reorganized and renamed. Refactoring moved HTTP server and client CLI code to ic-bin-lib. Environment variables are now used more effectively for ic-boundary configuration, and API boundary nodes have shedding functionality. Additionally, size limits for governance and ledger canisters were adjusted.
    Review: Code changes matches the commit message.

  • ed45bab1d
    Summary: Message Routing: Lazy pagemaps
    Notes: Implemented lazy loading in lazy_load to reduce RAM pressure by initializing memory pages only when accessed, instead of loading all pagemaps at once.
    Review: Code changes matches the commit message.

  • 4e83be165
    Summary: refine config tool and add config versioning
    Notes: Updated configuration, including renaming variables (e.g., domain to domain_name) and changing types to boolean (e.g., nns_public_key_exists). Added hostname and generate_ic_boundary_tls_cert settings to GuestOSDevSettings. Introduced GenerateGuestosConfig and GenerateTestnetConfig commands, and added config_version to SetupOSConfig.
    Review: Code changes matches the commit message.

  • b477d5932
    Summary: Move bootloader off dockerhub
    Notes: Verified that base image references were updated accordingly.
    Review: Code changes matches the commit message.

  • 32d152815
    Summary: Remove retries from docker build
    Notes: Confirmed the removal of retry logic from the Docker build process.
    Review: Code changes matches the commit message.

  • 01d3b177a
    Summary: install dante-server in base image
    Notes: Verified the inclusion of dante-server in the base image for SOCKS proxy on the API boundary node.
    Review: Code changes matches the commit message.

  • c582bfe2c
    Summary: Move bootloader off dockerhub
    Notes: Similar to a previous update, the base image references were changed and verified to point to ghcr.io instead of Docker Hub.
    Review: Code changes matches the commit message.

Bugfixes

  • bda7e8c90
    Summary: drop the recv_stream before any calls to the send_stream on the receive side, also format correctly log statements so we can see the causes of the errors
    Notes: Adjustments made in the handle_bi_stream function ensure recv_stream is released before invoking send_stream. Additional changes include formatting logs for better visibility of error causes.
    Review: Code changes matches the commit message.

  • e500f911f
    Summary: reset send streams the futures get aborted and improve error reporting on the receive side of the quic transport
    Notes: Addressed an issue where send streams reset would properly abort associated futures, mitigating resource leaks. Improved error reporting for the receive side of QUIC transport during data reception failures.
    Review: Code changes matches the commit message.

  • c578a156b
    Summary: don’t add the peer id in the extensions for the rpc method
    Notes: Eliminated unnecessary peer ID from the extension response, as it is redundant for the caller.
    Review: Code changes matches the commit message.

  • e5faeaaf7
    Summary: Several testing and performance improvements to SetupOS
    Notes: Introduced two installation modes for SetupOS: Automatic and an interactive debug mode. Performance improvements were made by creating a new disk image variant, expediting image copying. Removed obsolete launch targets in development environments.
    Review: Code changes matches the commit message.

  • 9c1e7fe78
    Summary: Depend on .git/index in commit_timestamp_txt
    Notes: Ensured accurate timestamp generation when switching branches.
    Review: Code changes matches the commit message.

  • 47a2a110a
    Summary: fix permissions for nftables and systemd-journald
    Notes: Enabled nftables to read from /dev/urandom and allowed systemd-journald access to specific procfs symlinks for canister sandbox processes.
    Review: Code changes matches the commit message.

  • fc375b15a
    Summary: revert "feat: Move bootloader off dockerhub
    Notes: Reversed a previous commit, with potential additional fixes required for transitioning the bootloader.
    Review: Code changes matches the commit message.

Chores

  • 896cafb19
    Summary: Replace pseudo-random and pre-signature IDs in RequestId with single CallbackId
    Notes: Removed PseudoRandomId and PreSigId from RequestId, simplifying it to use CallbackId. This adjustment also enables use for KD requests.
    Review: Code changes matches the commit message.

  • 6034537f7
    Summary: Guard node_metrics_history against ingress
    Notes: Introduced checks to explicitly reject unexpected ingress messages and made related test updates.
    Review: Code changes matches the commit message.

  • 3f7fcb995
    Summary: Minor change to instruction benchmarks
    Notes: Removed the wasm64_encoded argument from declare_variable and define_variable_and functions.
    Review: Code changes matches the commit message.

  • 7452471b7
    Summary: enable canister sandboxing for fuzzers
    Notes: Moved fuzzer-related code to a separate library file for canister sandbox invocation.
    Review: Code changes matches the commit message.

  • 8b01b687e
    Summary: upgrade core crates
    Notes: Confirmed core crate upgrades in the code.
    Review: Code changes matches the commit message.

  • b1c0f8ccc
    Summary: upgrade rust_decimal and rust_decimal_macros
    Notes: Successfully updated rust_decimal and rust_decimal_macros.
    Review: Code changes matches the commit message.

  • 073f73166
    Summary: Remove old TODOs in the payload builder
    Notes: Cleared obsolete comments to improve code clarity.
    Review: Code changes matches the commit message.

  • 2d68a2e31
    Summary: improve error tracking in transport
    Notes: Introduced functions observe_conn_error, observe_read_error, and observe_write_error for improved error categorization.
    Review: Code changes matches the commit message.

  • 3f1716678
    Summary: another readability pass over quic transport
    Notes: Updated ConnectionHandle initialization and exposed conn_id and conn.
    Review: Code changes matches the commit message.

  • 4bd76d3bc
    Summary: add more documentation to the quic transport code and make some errors infallible
    Notes: Enhanced documentation in ConnectionHandle and improved error reporting.
    Review: Code changes matches the commit message.

  • 8b2932783
    Summary: Add logging to insert_hsm_if_necessary
    Notes: Introduced a helpful log message around HSM key insertion.
    Review: Code changes matches the commit message.

  • 7990ce66d
    Summary: Update Base Image Refs [2024-11-07-0808]
    Notes: Adjusted base image references for compatibility.
    Review: Code changes matches the commit message.

Refactoring

  • d7cac1965
    Summary: Do not clone in ReplicatedState::get_ingress_status()
    Notes: The next_state is now passed as an immutable reference, eliminating the need for cloning.
    Review: Code changes matches the commit message.

  • 3c3d9cd36
    Summary: move MasterPublicKeyId protobuf from registry/crypto to types
    Notes: Refactored MasterPublicKeyId protobuf, moving it from registry.crypto.v1 to types.v1.
    Review: Code changes matches the commit message.

  • da0106cac
    Summary: create generate-ic-config.service
    Notes: Renamed generate-replica-config to generate-ic-config and organized it into a separate service to support both ic-replica.service and ic-crypto-csp.
    Review: Code changes matches the commit message.

Tests

  • ae957017c
    Summary: Prepare cup_compatibility_test for removal of pb::TaggedNiDkgTranscript
    Notes: Modified cup_compatibility_test to replace pb::TaggedNiDkgTranscript with pb::NiDkgTranscript since the NiDkg tag is already included in pb::NiDkgTranscript.
    Review: Code changes matches the commit message.

  • 3e0cf89b2
    Summary: depend on the universal canister at run-time instead of at build-time
    Notes: Replaced the build-time dependency include_bytes!("universal-canister.wasm.gz") with the run-time function get_universal_canister_wasm().
    Review: Code changes matches the commit message.

  • 3ad26ca77
    Summary: inline more NNS system-tests
    Notes: Refactoring involved NNS system tests related to the cycle minting canister, with a few dependency and configuration updates.
    Review: Code changes matches the commit message.

Proposal 134186

Summary

  1. Vote: Adopt
  2. Hash: All the hashes match
  3. Reasons to adopt: The release notes match the commits and the code changes. Builds successfully and all the hashes match

e1e8a810e
Summary: Enable the hashes-in-blocks feature
Notes
HASHES_IN_BLOCKS_FEATURE_ENABLED feature flag is set to true. When the feature flag is enabled we strip all ingress messages from the block before sending it to peer, on the reciever side these ingress messages are reconstructed from the ingress pool and if the message is not found in the ingress pool we fetch it from the peer which is advertising that message.
Review: Code changes matches the commit message.

Proposal 134187

Summary

  1. Vote: Adopt
  2. Hash: All the hashes match
  3. Reasons to adopt: The release notes match the commits and the code changes. Builds successfully and all the hashes match

Other changes:

34e659ec3
Squashed commit of 262826f and 4dae196 which adds command in docker files to download and install 6.11 kernel and modules

Proposal 134188

Summary

  1. Vote: Adopt
  2. Hash: All the hashes match
  3. Reasons to adopt: The release notes match the commits and the code changes. Builds successfully and all the hashes match

Other changes:

9aaf5ee5e
Revert if commit 87ed927 which upgraded guest os to ubuntu 24.04

Proposal 134185

Vote: Adopt

Reason: Build is successful, hashes match, commits match descriptions and the reasoning behind the changes is sound.

I’ve reviewed commits selectively, focusing on Consensus and Interface changes. Among other things these include changes relating to the QUIC transport layer and further steps towards the upcoming VetKeys implementation.

Review

Features:

[675edd43b]
Reduces the acceptable gap between the finalised height and the certified height from 2 blocks to 1 block, following on from an earlier change from 3 blocks to 2.

[f96077d44]
Version change for several packages, change of source crate for several elements and related code changes as outlined in the commit notes.

[ed45bab1d]
Implements lazy initialisation of storage for files backing PageMaps, such that the storage structure is only initiated once it’s needed. Changes include addition of lazy_load and other new methods to Storage in rs/replicated_state/src/page_map/storage.rs and use of these in rs/replicated_state/src/page_map.rs.

[4e83be165]
Changes to IC-OS configuration tool including replacing some GuestOSSettings and ICOSSettings fields with booleans, addition of config_version fields, added file generate_testnet_config.rs and new commands GenerateGuestosConfig and GenerateTestnetConfig.

Bugfixes:

[bda7e8c90]
Code change to QUIC transport request handler such that recv_stream is dropped from scope before send_stream is accessed. Adds ‘{:?}’ to log statements in order to display detailed error messages.

[e500f911f]
Renames SendStreamDropGuard to ResetStreamOnDrop and moves it from quic_transport/src/connection_handle.rs to quic_transport/src/lib.rs. Changes to error reporting.

[c578a156b]
Removes peer_id field from ConnectionHandle.

[e5faeaaf7]
Several changes to SetupOS, mainly concerning tests, as explained in detail in the commit notes.

Chores:

[896cafb19]
Removes fields pseudo_random_id and pre_signature_id from and adds field callback_id to RequestId, and changes to other code accordingly. The intention is to enable RequestId to be re-used in requests in the VetKeys implementation, as explained in the commit notes.

[8b01b687e] [b1c0f8ccc]
Version updates for various packages.

[073f73166]
Removal of TODO comments.

[2d68a2e31]
Addition and use of new error types in relation to the QUIC transport layer.

[3f1716678]
Readability changes to QUIC transport code, including changes to some field names, removal of conn_id_counter field from ConnectionManager and addition of metrics field to run_stream_acceptor.

[4bd76d3bc]
Changes to QUIC transport code including expanded documentation, field changes, and changes to error handling within request_handler.rs such that an unspecified http method will return None rather than an error.

[3c3d9cd36]
Moves MasterPublicKeyId and associated enums from registry/crypto/v1 to types/v1 in order to prevent planned future changes from creating a circular dependency.

Tests:

[ae957017c]
Adds get_id function to impl HasId<NiDkgTag> for NiDkgTranscript in preparation for planned future changes, as explained in commit notes.

[3ad26ca77 Interface(IDX): inline more NNS system-tests (#2574)]
Removal of various tests from rs/tests/src/ledger_tests/ and rs/tests/src/nns_tests/ into rs/tests/nns/.

Proposal 134186

Vote: Adopt

Reason: Build is successful. Hashes match. The proposal consists of a single commit (previously seen) which enables the hashes-in-blocks feature.

Proposal 134187

Vote: Adopt

Reason: Build is successful. Hashes match. The proposal consists of a single commit (previously seen) which upgrades Linux kernel version to 6.11 and installs the kernel.

Proposal 134188

Vote: Adopt

Reason: Build is successful. Hashes match. The proposal consists of a single commit which reverts a previous commit upgrading GuestOS to Ubuntu 24.04.

1 Like

Proposal 134185

Summary

  1. Vote: Adopt
  2. Hash: Hashes match
  3. Reasons to adopt: Builds fine + hashes match + release notes match the commits
Commits

Features:

  1. 675edd43b
    Summary: Reduce acceptable finalization-certification gap to one.
    Notes: Reduce the acceptable gap between latest certified and finalized heights to one round by updating ACCEPTABLE_FINALIZATION_CERTIFICATION_GAP to 1.
    Review: Code changes match the commit message.

  2. c8cfedb4e
    Summary: Measure block maker to induction / execution latency.
    Notes: Add a histogram to IngressHistoryWriterImpl struct to measure ingress message latency from block making to induction; and to execution.
    Review: Code changes match the commit message.

  3. 9c2d3939f
    Summary: EXC: Enable Wasm64.
    Notes: Enable the Wasm64 functionality for mainnet by setting the Wasm64 FlagStatus to enabled.
    Review: Code changes match the commit message.

  4. 72cf10cba
    Summary: Measure per-canister mean ingress queue latency.
    Notes: At the end of each round measure the mean observed ingress queue per canister. CanisterIngressQueueLatencies keeps a track of the aggregate per-canister sum and count of ingress message latencies.
    Review: Code changes match the commit message.

  5. 5d68669c9
    Summary: Make subnet replica version available to canisters via management API.
    Notes: Follow up to - feat: [UTP-242] [v3] Make subnet replica version of latest block available to execution environment by michael-weigelt · Pull Request #2248 · dfinity/ic · GitHub. Subnet replica version is available via a management canister call. The function subnet_info provides an interface to query details of their subnets and their respective replica versions.
    Review: Code changes match the commit message.

  6. 44ab9f36f
    Summary: Add a new fuzzer to fuzz system API calls via StateMachine tests.
    Notes: execute_system_api_call.rs implements a new fuzzer to fuzz system API calls which is called in the StateMachine tests.
    Review: Code changes match the commit message.

  7. 123cf77ac
    Summary: Enable Canister Backtraces.
    Notes: Set the canister_backtrace FlagStatus to enabled which will turn on the feature to return canister backtraces on trap.
    Review: Code changes match the commit message.

  8. f96077d44
    Summary: rework ic-boundary CLI, bump ic-gateway.
    Notes: Add load shedding functionality by usingic-bn-lib. Re-group and rename commands and move http client & server CLI to ic-bn-lib.
    Review: Code changes match the commit message.

  9. ed45bab1d
    Summary: Lazy pagemaps.
    Notes: Update the Storage and PageMap structs to support lazy loading for performance and memory optimizations thereby reducing the number of open files during checkpointing.
    Review: Code changes match the commit message.

  10. 4e83be165
    Summary: refine config tool and add config versioning.
    Notes: Rename and change field type to Booleans for clarity - nns_public_key_exists, node_operator_private_key_path, use_ssh_authorized_keys, inject_ic_crypto, inject_ic_state, inject_ic_registry_local_store. Add generate_ic_boundary_tls_cert and hostname to GuestOSDevSettings. Add config commands for GenerateGuestosConfig, GenerateTestnetConfig. Add config_version field, config version unit tests and decouple domain_name from ipv4_config.
    Review: Code changes match the commit message.

  11. b477d5932
    Summary: Move bootloader off dockerhub.
    Notes: Update BASE_IMAGE to a more recent ubuntu image.
    Review: Code changes match the commit message.

  12. 32d152815
    Summary: Remove retries from docker build.
    Notes: Remove the rety method which consists of docker retry logic.
    Review: Code changes match the commit message.

  13. 01d3b177a
    Summary: install dante-server in base image.
    Notes: Include dante-server to the list of required packages for GuestOS.
    Review: Code changes match the commit message.

  14. c582bfe2c
    Summary: Move bootloader off dockerhub.
    Notes: Revert of commit c582bfe2c.
    Review: Code changes match the commit message.

Bugfixes:

  1. bda7e8c90
    Summary: drop the recv_stream before any calls to the send_stream on the receive side, also format correctly log statements so we can see the causes of the errors.
    Notes: Modify handle_bi_stream function. ` recv_stream’ is dropped before we call any method on the ‘send_stream’. Improve logging and error reporting.
    Review: Code changes match the commit message.

  2. e500f911f
    Summary: reset send streams the futures get aborted and improve error reporting on the receive side of the quic transport.
    Notes: SendStreamDropGuard replaced by ResetStreamOnDrop to ensure streams are reset correctly on drop. Improved error handling. No change to logic just some refactoring.
    Review: Code changes match the commit message.

  3. c578a156b
    Summary: don’t add the peer id in the extensions for the rpc method.
    Notes: Remove peer_id call as it is unwanted since the caller already knows it.
    Review: Code changes match the commit message.

  4. e5faeaaf7
    Summary: Several testing and performance improvements to SetupOS.
    Notes: Added 2 new modes for SetupOS - interactive-install and interactive-debug, removed launch-* targets, updated documentation on SetupOS usage and creared a new disk image variant for better performance.
    Review: Code changes match the commit message.

  5. 9c1e7fe78
    Summary: Depend on .git/index in commit_timestamp_txt
    Notes: Regenerate a new timestamp when branches are switched.
    Review: Code changes match the commit message.

  6. 47a2a110a
    Summary: fix permissions for nftables and systemd-journald.
    Notes: Allow nftables to read from /dev/urandom and allow systemd-journald to access procfs symlinks of the canister sandbox process.
    Review: Code changes match the commit message.

  7. fc375b15a
    Summary: revert "feat: Move bootloader off dockerhub.
    Notes: Revert commit c582bfe2c.
    Review: Code changes match the commit message.

Chores:

  1. 896cafb19
    Summary: Replace pseudo-random and pre-signature IDs in RequestId with single CallbackId.
    Notes: Remove PseudoRandomId and PreSigId from RequestId and replace it with CallbackId. This way RequestIdcan be re-used for vet KD requests.
    Review: Code changes match the commit message.

  2. 6034537f7
    Summary: Guard node_metrics_history against ingress.
    Notes: Add an extra step to the node_metrics_history endpoint, to distinguish between Ingress and Request calls for the NodeMetricsHistory method. Some tests were also updated.
    Review: Code changes match the commit message.

  3. 3f7fcb995
    Summary: Minor change to instruction benchmarks.
    Notes: Remove wasm64 argument to the define_variables_and_functions function.
    Review: Code changes match the commit message.

  4. 7452471b7
    Summary: enable canister sandboxing for fuzzers
    Notes: Refactor fuzzer-related logic and moved to a separate library to invoke canister sandbox //rs/execution_environment/fuzz:fuzzer_sandbox.
    Review: Code changes match the commit message.

  5. 8b01b687e
    Summary: upgrade core crates.
    Notes: Core creates updated in the code.
    Review: Code changes match the commit message.

  6. b1c0f8ccc
    Summary: upgrade rust_decimal and rust_decimal_macros.
    Notes: Update rust_decimal from 1.32.0 to 1.36.0 and rust_decimal_macros from 1.32.0 to 1.36.0.
    Review: Code changes match the commit message.

  7. 073f73166
    Summary: Remove old TODOs in the payload builder.
    Notes: Remove old TODO comments that are not needed anymore.
    Review: Code changes match the commit message.

  8. 2d68a2e31
    Summary: improve error tracking in transport.
    Notes: Improve error classification in connection_handler.rs. Added new error categories such as observe_conn_error, observe_read_error, and observe_write_error.
    Review: Code changes match the commit message.

  9. 3f1716678
    Summary: another readability pass over quic transport.
    Notes: Refactor ConnectionHandle, expose conn_id and conn.
    Review: Code changes match the commit message.

  10. 4bd76d3bc
    Summary: add more documentation to the quic transport code and make some errors infallible.
    Notes: Improve error reporting in ConnectionHandle.
    Review: Code changes match the commit message.

  11. 8b2932783
    Summary: Add logging to insert_hsm_if_necessary.
    Notes: Add descriptive logs to insert_hsm_if_necessary() method.
    Review: Code changes match the commit message.

  12. 7990ce66d
    Summary: Update Base Image Refs [2024-11-07-0808]
    Notes: Update base container image references.
    Review: Code changes match the commit message.

Refactoring:

  1. d7cac1965
    Summary: Do not clone in ReplicatedState::get_ingress_status().
    Notes: No need to clone as the next_state is passed as an immutable reference.
    Review: Code changes match the commit message.

  2. 3c3d9cd36
    Summary: move MasterPublicKeyId protobuf from registry/crypto to types.
    Notes: Refactored MasterPublicKeyId protobuf from registry.crypto.v1 to types.v1.
    Review: Code changes match the commit message.

  3. da0106cac
    Summary: create generate-ic-config.service.
    Notes: Rename generate-replica-config to generate-ic-config and is organized into a separate service so that calls can be consolidated.
    Review: Code changes match the commit message.

Tests:

  1. ae957017c
    Summary: Prepare cup_compatibility_test for removal of pb::TaggedNiDkgTranscript.
    Notes: Update cup_compatibility_test, replace pb::TaggedNiDkgTranscript with pb::NiDkgTranscript. Implemented HasId<NiDkgTag> for NiDkgTranscript.
    Review: Code changes match the commit message.

  2. 3e0cf89b2
    Summary: depend on the universal canister at run-time instead of at build-time.
    Notes: Replaces dependency include_bytes!(“universal-canister.wasm.gz”). Update test to read the universal canister at run-time directly from a file instead of having bytes included during build time.
    Review: Code changes match the commit message.

  3. 3ad26ca77
    Summary: inline more NNS system-tests.
    Notes: Refactor in NNS system tests.
    Review: Code changes match the commit message.

Proposal 134186

Summary

  1. Vote: Adopt
  2. Hash: Hashes match
  3. Reasons to adopt: Builds fine + hashes match + release notes match the commits
Commits

Features:

  1. e1e8a810e
    Summary: Enable the hashes-in-blocks feature.
    Notes: Set the HASHES_IN_BLOCKS_FEATURE_ENABLED flag to true.
    Review: Code changes match the commit message.

Proposal 134187

Summary

  1. Vote: Adopt
  2. Hash: Hashes match
  3. Reasons to adopt: Builds fine + hashes match + release notes match the commits
Commits

Other changes:

  1. 34e659ec3
    Summary: Squashed commit of the following:
    Notes: Squashed commits 262826f and 4dae196. Upgrade to 6.11 base images as well as the kernel version to 6.11.
    Review: Code changes match the commit message.

Proposal 134188

Summary

  1. Vote: Adopt
  2. Hash: Hashes match
  3. Reasons to adopt: Builds fine + hashes match + release notes match the commits
Commits

Other changes:

  1. 9aaf5ee5e
    Summary: Revert "feat: Upgrade GuestOS to 24.04.
    Notes: Revert commit 87ed927.
    Review: Code changes match the commit message.

Proposal 134185

Vote: ADOPT

Reason: Build is successful and hashes match, reviewed commits also match their descriptions, therefore I’ve voted to adopt.

Features:

c8cfedb4e Added message_state_transition_received_duration_second, message_state_transition_processing_duration_seconds and message_state_transition_received_to_processing_duration_seconds fields to IngressHistoryWriterImpl which are historgrams used to measure time taken to process messages between separate components.

9c2d3939f Enabled wasm64 feature flag on mainnet and updated embedders test, in test_initial_wasmtime_config memory64 is not listed anymore among the features that must be disabled, the specification test suite’s cfg now manually sets the wasm64 feature flag to false.

72cf10cba Modified set_status and set_ingress_status methods to return the old status wrapped in an Arc, this is then passed to a newly added struct CanisterIngressQueueLatencies which acts as an aggregator for canister queue latencies. At the end of each round the aggregator instance is dropped and canister_ingress_queue_latencies metric is updated with the average latency of each canister.

5d68669c9 Added scaffholding required to expose a new endpoint for the management canister which returns the replica version currently running on the subnet. In execute_subnet_message method a new variant of Ic00Method named SubnetInfo is handled by calling subnet_info method, this checks whether the provided subnet id matches the one of the current subnet and if so returns the replica version.

44ab9f36f Added execute_system_api_call fuzz target, this setups a basic dummy canister, which is then reinstalled and all its exported methods are called.

123cf77ac Enabled feature flag for canister backtrace feature, updated some tests accordingly.

ed45bab1d Modified Storage struct to implement lazy loading functionality, the old struct has been renamed to StorageImpl, which is now wrapped by Storage and only gets read from disk when creating page maps.

Chores:

6034537f7 Added check for NodeMetricsHistory management canister API to reject calls by ingress messages. Moved some tests from execution/general_execution_test to execution_environment/src/canister_manager/tests.

3f7fcb995 Removed wasm64_enabled argument from define_variables_and_functions and declare_variable methods.

073f73166 Removed TODO comments.

Refactoring:

d7cac1965 Modified get_ingress_status method return type to be an immutable reference instead of an owned value. Updated code which uses this method to account for the change.

Proposal 134186

Vote: ADOPT

Reason: Build is successful and hashes match, the proposed changes are the same as 134185 but with feature flag for hashes in block feature enabled.

Proposal 134187

Vote: ADOPT

Reason: Build is successful and hashes match, the proposed changes are the same as 134185 but with docker files updated to use linux kernel version 6.11

Proposal 134188

Vote: ADOPT

Reason: Build is successful and hashes match, the proposed changes are the same as 134185 with the only difference being a commit which reverts changes introduced in a previous release.